MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07fbd74b4065f3fb0a5cdb048add86942df8aeba1254e2843e0cfb93c4cb4302. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3


SHA256 hash: 07fbd74b4065f3fb0a5cdb048add86942df8aeba1254e2843e0cfb93c4cb4302
SHA3-384 hash: 35e2e48b3e37fc0d198503c3c77ec7a8e7265d500dcad84bd6efa02360411a0a2e3b4efe6da72f0f12a7303c601c1140
SHA1 hash: 9b9431621a4a1c7942c5dc8ca994af42d6d7fce6
MD5 hash: 078cdf1722d4d5cbbdf683d7e8b2daba
humanhash: fourteen-social-triple-berlin
File name: printout copy.rar
Signature: AgentTesla
File size: 506'302 bytes
First seen: 2020-09-24 06:18:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:B7Xs0FT18uELvSl/iuf/saA290djp9KzF:Bp81vSl/rf/A290b9W
TLSH: 14B42342588AF202375C3ABED706C949776609D4F8B8CA925D0CD9DC1DF60BBF6418EB
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email (T1566.001)
From: "info@manifestodesign.eu"
Received: "from manifestodesign.eu (unknown [64.52.174.102]) "
Date: "23 Sep 2020 23:17:41 -0700"
Subject: "GI Payment(Wire) Confirmation For GIHTLDOM00000030531 And Payment Date 23 09 2020 "
Attachment: "printout copy.rar"

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Androm
Status: Malicious
First seen: 2020-09-24 03:17:55 UTC
File Type: Binary (Archive)
Extracted files: 23
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar 07fbd74b4065f3fb0a5cdb048add86942df8aeba1254e2843e0cfb93c4cb4302 (this sample)

Delivery method: Distributed via e-mail attachment

Comments